On Sat, 2017-12-09 at 10:28 -0800, Casey Schaufler wrote:
> On 12/9/2017 2:20 AM, Mickaël Salaün wrote:
> > What about automatically create
> > and assign an ID to a process when it enters a namespace different
> > than
> > one of its parent process? This delegates the (permission)
> > respon
On Fri, 2017-01-13 at 10:06 -0500, Richard Guy Briggs wrote:
> On 2017-01-13 09:42, Eric Paris wrote:
> > On Fri, 2017-01-13 at 04:51 -0500, Richard Guy Briggs wrote:
> > > diff --git a/include/linux/audit.h b/include/linux/audit.h
> > > index 9d4443f..43d8003 10064
On Fri, 2017-01-13 at 04:51 -0500, Richard Guy Briggs wrote:
> 32-bit socketcalls were not being logged by audit on x86_64 systems.
> Log them. This is basically a duplicate of the call from
> net/socket.c:sys_socketcall(), but it addresses the impedance
> mismatch
> between 32-bit userspace proce
On Fri, 2007-12-07 at 14:57 -0500, Paul Moore wrote:
> NOTE: This really is an RFC patch, it compiles and boots but that is pretty
> much all I can promise at this point. I'm posting this patch to gather
> feedback from the audit crowd about the continued overloading of
> the AU
ook on software development
>
> * Convert the SPI in audit records to host byte order
>The current SPI values in the audit record are being displayed in
>network byte order, probably not what was intended
>
> * Proper spacing around commas in function arguments
>
networking but that
same process should not be able to delete other entries or flush the
entire database.
WAS Signed-off-by: Signed-off-by: Joy Latten<[EMAIL PROTECTED]> NOT NOW
WAS Acked-by: James Morris <[EMAIL PROTECTED]> NOT NOW
WAS Acked-by: Eric Paris <[EMAIL PROTECTED]> NOT
On Wed, 2007-03-28 at 12:20 -0400, James Morris wrote:
> On Wed, 28 Mar 2007, Joy Latten wrote:
>
> > Eric, sorry as I know you already patched lspp kernel
> > for testing.
>
> I think it'd be better to have the lspp kernel join the upstream workflow
> process, rather than being a shortcut into
On Fri, 2007-03-23 at 16:58 -0600, Joy Latten wrote:
> @@ -710,11 +713,20 @@ static struct xfrm_state *__find_acq_cor
>
> switch (family) {
> case AF_INET:
> + if (x->id.daddr.a4 == saddr->a4 &&
> + x->props.saddr.a4 == dadd
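Review bot: In the AF_INET case the added condition matches x->id.daddr.a4 against saddr->a4, and the line that follows starts matching x->props.saddr.a4 against a name beginning "dadd", so destination and source look crossed relative to the field names. If the swap is intentional, a comment above the condition saying so would help; otherwise the operands should be paired daddr with daddr and saddr with saddr.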
On Mon, 2007-03-26 at 13:39 -0600, Joy Latten wrote:
> + if ((err = security_xfrm_policy_delete(pol)) != 0) {
> + xfrm_audit_log(audit_info->loginuid,
> +audit_info->secid,
> +
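Review bot: The condition `if ((err = security_xfrm_policy_delete(pol)) != 0)` assigns inside the test, which kernel coding style discourages. Assign err on its own line and test `if (err)` afterwards, which also makes the audit call on the failure path easier to read.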
On Fri, 2007-03-23 at 11:47 -0700, David Miller wrote:
> From: James Morris <[EMAIL PROTECTED]>
> Date: Fri, 23 Mar 2007 14:46:48 -0400 (EDT)
>
> > A 'flush' has a semantic implication that all entries will be removed, and
> > it should be atomic and either succeed or fail at that granularity.
>
On Fri, 2007-03-23 at 10:33 -0600, Joy Latten wrote:
> On Fri, 2007-03-23 at 01:39 -0400, Eric Paris wrote:
>
> >
> > In either case though proper auditing needs to be addressed. I see that
> > the first patch from Joy wouldn't audit deletion failures. It appears
>
On Thu, 2007-03-22 at 19:49 -0400, James Morris wrote:
> On Thu, 22 Mar 2007, Joy Latten wrote:
>
> > > I would look at this patch differently if there were some
> > > security level key being checked for a match here, which is
> > > an input key to the flush, but that is not what is happening
> >
On Fri, 2007-03-09 at 16:20 -0800, David Miller wrote:
> From: Joy Latten <[EMAIL PROTECTED]>
> Date: Fri, 9 Mar 2007 17:14:54 -0600
>
> > I noticed that in xfrm_state_add we look for the larval SA in a few
> > places without checking for protocol match. So when using both
> > AH and ESP, whichev
On Wed, 2007-03-07 at 16:07 -0800, David Miller wrote:
> From: David Miller <[EMAIL PROTECTED]>
> Date: Wed, 07 Mar 2007 15:43:16 -0800 (PST)
>
> > From: Eric Paris <[EMAIL PROTECTED]>
> > Date: Fri, 02 Mar 2007 13:51:24 -0500
> >
> > > pfkey_spdg
On Mon, 2007-03-05 at 11:39 -0500, James Morris wrote:
> On Mon, 5 Mar 2007, Venkat Yekkirala wrote:
>
> > >
> > > Signed-off-by: Eric Paris <[EMAIL PROTECTED]>
> > Acked-by: Venkat Yekkirala <[EMAIL PROTECTED]>
>
> What about your previous c
successes) will actually get audited.
Signed-off-by: Eric Paris <[EMAIL PROTECTED]>
net/key/af_key.c |5 ++---
net/xfrm/xfrm_user.c |5 ++---
2 files changed, 4 insertions(+), 6 deletions(-)
diff --git a/net/key/af_key.c b/net/key/af_key.c
index 1c58204..d8fc88c 100644
--- a/net/key/af
pfkey_spdget neither had an LSM security hook nor auditing for the
removal of xfrm_policy structs. The security hook was added when it was
moved into xfrm_policy_byid instead of the callers to that function by
my earlier patch and this patch adds the auditing hooks as well.
Signed-off-by: Eric
and so the
initialization would cause err to be ENOENT. But since err has since
been used above when we don't get a policy back from the xfrm_policy_by*
function we would always return 0 instead of the intended ENOENT. Also
fixed some white space damage in the same area.
Signed-off-by: Eric Paris <
On Tue, 2006-11-07 at 11:17 -0600, Venkat Yekkirala wrote:
> int selinux_xfrm_policy_alloc(struct xfrm_policy *xp,
> - struct xfrm_user_sec_ctx *uctx, struct sock *sk)
> + struct xfrm_user_sec_ctx *uctx)
> {
> int err;
> - u32 sid;
>
> - BUG_ON(!xp);
> -
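Review bot: Dropping BUG_ON(!xp) at the top of selinux_xfrm_policy_alloc leaves xp with no check in the visible lines, while the signature change also removes the sk argument. If every remaining caller guarantees a non-NULL xp, say so in the commit message; otherwise return an error such as -EINVAL for a NULL xp instead of removing the check outright.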
On Mon, 2006-10-30 at 13:03 -0500, [EMAIL PROTECTED] wrote:
> plain text document attachment (netlabel-sockopts)
> From: Paul Moore <[EMAIL PROTECTED]>
>
> This patch makes two changes to protect applications from either removing or
> tampering with the CIPSOv4 IP option on a socket. The first is
: Eric Paris <[EMAIL PROTECTED]>
bonding.txt |2 --
1 files changed, 2 deletions(-)
--- linux-2.6.14.2/Documentation/networking/bonding.txt.old 2006-01-06
11:47:31.0 -0500
+++ linux-2.6.14.2/Documentation/networking/bonding.txt 2006-01-06
11:49:18.0 -0500
@@
21 matches